sbv-8.1: SMT Based Verification: Symbolic Haskell theorem prover using SMT solving.

Copyright (c) Levent Erkok BSD3 erkokl@gmail.com experimental None Haskell2010

Documentation.SBV.Examples.ProofTools.Strengthen

Description

An example showing how traditional state-transition invariance problems can be coded using SBV, using induction. We also demonstrate the use of invariant strengthening.

This example comes from Bradley's Understanding IC3 paper, which considers the following two programs:

     x, y := 1, 1                    x, y := 1, 1
while *:                        while *:
x, y := x+1, y+x                x, y := x+y, y+x


Where * stands for non-deterministic choice. For each program we try to prove that y >= 1 is an invariant.

It turns out that the property y >= 1 is indeed an invariant, but is not inductive for either program. We proceed to strengten the invariant and establish it for the first case. We then note that the same strengthening doesn't work for the second program, and find a further strengthening to establish that case as well. This example follows the introductory example in Bradley's paper quite closely.

Synopsis

# System state

data S a Source #

System state. We simply have two components, parameterized over the type so we can put in both concrete and symbolic values.

Constructors

 S Fieldsx :: a y :: a
Instances
 Source # Instance details Methodsfmap :: (a -> b) -> S a -> S b #(<\$) :: a -> S b -> S a # Source # Instance details Methodsfold :: Monoid m => S m -> m #foldMap :: Monoid m => (a -> m) -> S a -> m #foldr :: (a -> b -> b) -> b -> S a -> b #foldr' :: (a -> b -> b) -> b -> S a -> b #foldl :: (b -> a -> b) -> b -> S a -> b #foldl' :: (b -> a -> b) -> b -> S a -> b #foldr1 :: (a -> a -> a) -> S a -> a #foldl1 :: (a -> a -> a) -> S a -> a #toList :: S a -> [a] #null :: S a -> Bool #length :: S a -> Int #elem :: Eq a => a -> S a -> Bool #maximum :: Ord a => S a -> a #minimum :: Ord a => S a -> a #sum :: Num a => S a -> a #product :: Num a => S a -> a # Source # Instance details Methodstraverse :: Applicative f => (a -> f b) -> S a -> f (S b) #sequenceA :: Applicative f => S (f a) -> f (S a) #mapM :: Monad m => (a -> m b) -> S a -> m (S b) #sequence :: Monad m => S (m a) -> m (S a) # Source # Fresh instance for our state Instance details Methods Show a => Show (S a) Source # Instance details MethodsshowsPrec :: Int -> S a -> ShowS #show :: S a -> String #showList :: [S a] -> ShowS #

# Encoding the problem

problem :: (S SInteger -> [S SInteger]) -> [(String, S SInteger -> SBool)] -> IO (InductionResult (S Integer)) Source #

We parameterize over the transition relation and the strengthenings to investigate various combinations.

The first program, coded as a transition relation:

The second program, coded as a transition relation:

# Examples

Example 1: First program, with no strengthenings. We have:

>>> ex1
Failed while establishing consecution.
Counter-example to inductiveness:
S {x = -1, y = 1}


Example 2: First program, strengthened with x >= 0. We have:

>>> ex2
Q.E.D.


Example 3: Second program, with no strengthenings. We have:

>>> ex3
Failed while establishing consecution.
Counter-example to inductiveness:
S {x = -1, y = 1}


Example 4: Second program, strengthened with x >= 0. We have:

>>> ex4
Failed while establishing consecution for strengthening "x >= 0".
Counter-example to inductiveness:
S {x = 0, y = -1}


Example 5: Second program, strengthened with x >= 0 and y >= 1 separately. We have:

>>> ex5
Failed while establishing consecution for strengthening "x >= 0".
Counter-example to inductiveness:
S {x = 0, y = -1}


Note how this was sufficient in ex2 to establish the invariant for the first program, but fails for the second.

Example 6: Second program, strengthened with x >= 0 /\ y >= 1 simultaneously. We have:

>>> ex6
Q.E.D.


Compare this to ex5. As pointed out by Bradley, this shows that a conjunction of assertions can be inductive when none of its components, on its own, is inductive. It remains an art to find proper loop invariants, though the science is improving!